Templates content
I’ve looked over the policy and found most of the topics I was looking for. However, I can’t see where the topics below would be covered—can you clarify?
Document retention
Individual user agreement (employee agreement/ responsibilities, often attached to hiring documents)
Reporting InfoSec Weaknesses and Events
Responding to InfoSec Reports
Rules for Use of E-mail
Assign topic to the user
It is not clear which policy you are talking about, but the information you mention can be found on the following:
- Document retention: Each policy and procedure has a section called "Managing records kept on the basis of this document" where you define topics for document retention, such as retention time and disposal method
- Individual user agreement: this information can be found in these templates: Confidentiality statement (https://advisera.com/27001academy/documentation/confidentiality-statement/), and Security Clauses for Partners and Suppliers (https://advisera.com/27001academy/documentation/security-clauses-for-suppliers-and-partners/) which can also be used for employment contracts
- Reporting InfoSec Weaknesses and Events: this information can be found in template Incident management procedure: https://advisera.com/27001academy/documentation/incident-management-procedure/
- Responding to InfoSec Reports: I'm assuming that by this one you are referring to response to information security incidents. In this case this information can also be found in template Incident management procedure
- Rules for use of e-mail can be found on template IT security policy: https://advisera.com/27001academy/documentation/it-security-policy/
Comment as guest or Sign in
Oct 14, 2019